[Snyk] Upgrade passport-auth0 from 1.0.0 to 1.3.2

[snyk-bot]

Snyk has created this PR to upgrade passport-auth0 from 1.0.0 to 1.3.2.

✨What is Merge Advice?

We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2020-02-03.

Release notes

Package name: passport-auth0

• 1.3.2 - 2020-02-03
  

  Full Changelog

  Closed issues

  • 1.2.1 -> 1.3.1 upgrade causes "Cannot read property 'scope' of undefined" #107
  • TypeError: Cannot read property 'authParams' of undefined #106
  • Cannot read property 'split' of undefined in Profile.js with GSuite login #105

  Fixed

  • Remove ID token iat value check #109 (joshcanhelp)
  • Fix missing ID causing cannot read error #109 (joshcanhelp)
  • Guard against undefined parameter access #108 (pihvi)
• 1.3.1 - 2019-12-06
  

  Full Changelog

  Closed issues

  • the userProfile does not have 'provider' field correctly populated. #102
  • Social login breaks when account name contains utf-8 characters. #100
  • Strategy does not work on Restify #96

  Fixed

  • Parses provider from user_id if identities is not provided. #103 (kertof)
  • Fix decoding jwt when encoded payload contains utf8 characters #101 (abelptvts)
• 1.3.0 - 2019-11-20
  

  Full Changelog

  Added

  • Improved OIDC compliance #97 (davidpatrick)

  Security

  • Update lodash package to address security vulnerabilities #94 (https://github.com/is2ei)
  • Update request package to address security vulnerabilities with dependency cryptiles #98 (davidpatrick)
• 1.2.1 - 2019-08-13
  

  Full Changelog

  Closed issues

  • Strategy constructor mutates options argument #91
  • Infinite redirect loop, "Invalid authorization request state." #89
  • could I use cookie-session instead of express-session? #87

  Fixed

  • Fix strategy constructor to not mutate options argument #92 (naptowncode)
• 1.2.0 - 2019-08-01
  

  Full Changelog

  Closed issues

  • Not obvious how to style lock on redirect #74
  • Auth0 state parameter not always passed through #73
  • Allow for different grant types #72
  • Use native Object.assign instead of xtend #67
  • state parameter default to true #65
  • Custom Claims? #64
  • Auth0Strategy vs OAuth2Strategy #61
  • logout problems #59
  • What is the point of this line? #56
  • Custom User Store vs Auth0 Database #54
  • Setting a proxy #50
  • Document how to access the "state" parameter #40
  • Incompatible with Lock for Web's responseMode option #39
  • Return to same page after login? #38
  • refreshToken is always null #36
  • JWT Token #30
  • Specify JWT scope #29
  • Rule Errors do not propagate #28

  Added

  • Add telemetry #85 (joshcanhelp)
  • Add information on ID token scopes to README #83 (joshcanhelp)
  • Add support for acr_values #78 (federicobarera)
  • Add support for connection_scope option #75 (GertSallaerts)

  Changed

  • Replace xtend with Object.assign #84 (joshcanhelp)

  Security

  • Update mocha package to address security vulnerabilities #82 (dan-auth0)
  • [Snyk] Fix for 5 vulnerable dependencies #77 (snyk-bot)
• 1.1.0 - 2018-10-22
  
  • login_hint may be passed to authorize
• 1.0.0 - 2018-07-04

from passport-auth0 GitHub release notes

Commit messages

Package name: passport-auth0

• 94128dc Update CHANGELOG.md date for 1.3.2
• 8b900c4 Version bump and changelog
• 9c54f5b Remove iat value check and add presence test
• cce15aa Fix missing ID causing cannot read error
• 7879fad Guard against undefined parameter access
• 91a0c54 Release 1.3.1
• 746bd9c remove vscode settings.
• cddf152 remove whitespace changes.
• e6cd1b4 Parses provider from user_id if indentities is not provided.
• 7928648 extend jwt.decode test cases
• 27e6e64 Fix decoding jwt when encoded payload contains utf8 characters
• d5b69d4 Merge pull request Weekly Digest (3 May, 2020 - 10 May, 2020) #99 from auth0/release-v1.3.0
• 54830a7 Release 1.3.0
• 454f6aa Merge pull request [Snyk] Upgrade uuid from 7.0.0 to 7.0.3 #98 from auth0/request_bump
• bb065cc Bump Request from 2.83.0 to 2.88.0
• 032d129 Merge pull request [Snyk] Upgrade passport-auth0 from 1.0.0 to 1.3.2 #97 from auth0/idtoken_validation
• c473a12 Bump Passport Oauth2
• 09f1814 Code comments, whitespace, and Date.now()
• 7f50103 Adding ID Token Validation
• e24a7a6 Setup the .github/stale.yml for Probot:Stale
• f97bf31 Setup the CODEOWNERS for pull request reviews
• ceca278 Setup the CODEOWNERS for pull request reviews
• 50567eb Updated dependencies
• 6321465 Release v1.2.1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs